
Chain of Trust for Network Core - nRF5340

Hi,

I was following your guide to implement a secure boot chain (https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/ug_bootloader.html) and therefore build a chain of trust. However, I found no information about integrating the Network Core into this trusted chain.

The Application Core can't read the Flash of the Network Core and thus can't verify the code.

So I was wondering how I should approach the Network Core when building a chain of trust. Hopefully you can give me an overview of your security concept for this second core.

Thank you in advance.

  • At the moment this is not supported since the application does not have access to read the flash of the network core.

    I talked to some of the developers and was told that this, in addition to performing DFU on the network core, should be possible in the next NCS release (v1.3.0).

    Best regards,

    Simon

  • Can you give any further information on how you are planning to implement this?

    I just cannot think of an implementation if the app core can't access the Memory of the Net Core.

  • The solution will be as follows:

    The net core updates are signed in the same way as app core updates, using MCUBoot.
    The only MCUBoot instance in the system is the one on the app core.
    When the app core MCUBoot (hereby simply called "mcuboot") finds a valid update where the vector table indicates that this firmware belongs to the net core (they have different address spaces) it will write a "command" to a reserved RAM area shared between the net core and the app core.
    The "command" consists of: address, length, SHA of the new firmware (which is already signature-checked).
    Next mcuboot will enable the network core.
    On the network core there is an immutable bootloader (B0N) which does three things:
    - inspect the shared RAM area for a command - and execute if found
    - lock the Flash
    - start the network core application

    When B0N executes the command it does the following:

    - copy the specified area to the app partition
    - verify the SHA after copying is finished, if it fails, indicate this by writing to the shared RAM command area.
    - follow procedures as normal (lock, start)

    This is a top view design, and some details might be missing.

    In general, the app core can instruct the network core on how to fetch the update.

    An alternative solution is to write a flash_driver which uses RPC to control the flash_driver on the network core from the application core; this way no modification would be needed in mcuboot.
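    A simulation of the shared-RAM command flow described in this answer, written as an added example for this thread (it is not Nordic's B0N or MCUboot code); the status values, field names and the dictionary used to stand in for the shared RAM area are assumptions:

```python
import hashlib

# Status words for the shared RAM command area (constructed names; the real
# layout is not described in the thread).
CMD_NONE, CMD_PENDING, CMD_OK, CMD_SHA_FAIL = range(4)


def mcuboot_post_command(shared_ram, update_area, address, length):
    """App-core side: after MCUboot has accepted the signed update, record the
    image location and its SHA-256 so B0N can verify its copy. The digest is
    trusted because it comes from the signature-checked app-core bootloader."""
    image = update_area[address:address + length]
    shared_ram.update(status=CMD_PENDING, address=address, length=length,
                      sha256=hashlib.sha256(image).digest())


def b0n_boot(shared_ram, update_area, net_app_partition):
    """Net-core side (B0N): inspect the shared RAM area, execute a pending
    command, then lock flash and start the application. Returns the ordered
    list of actions taken so the caller can see what happened."""
    actions = []
    if shared_ram.get("status") == CMD_PENDING:
        start, n = shared_ram["address"], shared_ram["length"]
        # copy the specified area into the net-core app partition
        net_app_partition[0:n] = update_area[start:start + n]
        actions.append("copy")
        # verify the SHA over what actually landed in the partition, not over
        # the source, so a bad copy or a modified source is both caught
        digest = hashlib.sha256(bytes(net_app_partition[0:n])).digest()
        shared_ram["status"] = CMD_OK if digest == shared_ram["sha256"] else CMD_SHA_FAIL
        actions.append("verify")
    # the answer lists lock and start as the normal procedure after the command
    actions += ["lock_flash", "start_app"]
    return actions


if __name__ == "__main__":
    # constructed update area: 16 bytes of padding, a 64-byte "image", padding
    update_area = bytearray(16) + bytes(range(64)) + bytearray(b"\xff" * 8)
    ram, partition = {"status": CMD_NONE}, bytearray(64)
    mcuboot_post_command(ram, update_area, address=16, length=64)
    print(b0n_boot(ram, update_area, partition), ram["status"] == CMD_OK)
    # image modified after the command was posted: B0N reports CMD_SHA_FAIL
    update_area[20] ^= 0x01
    mcuboot_post_command(ram, bytearray(update_area), 16, 64)
    ram["sha256"] = hashlib.sha256(bytes(range(64))).digest()  # original digest
    print(b0n_boot(ram, update_area, bytearray(64)), ram["status"] == CMD_SHA_FAIL)
```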

  • Thank you very much for your detailed answer.

    This cleared things up a lot.
